COLORADO DEPARTMENT OF LABOR AND EMPLOYMENT
STANDARD POLICY AND PROCEDURE

1515 Arapahoe Street, Denver, Colorado

NUMBER: SPP-0008
DATE: August 16, 2004
SUPERSEDES: N/A
DATE:
EXECUTIVE DIRECTOR'S APPROVAL:

Remote Access and Security

I. PURPOSE
II. BACKGROUND
III. POLICY
IV. APPLICABLE GUIDELINES
V. PROCEDURES
I. Purpose

The purpose of this Standard Policy and Procedure (SPP) is to (1) provide direction for and (2) mandate virus protection of remote access connections to the Department of Labor and Employment's (CDLE) networks.

II. Background

This SPP applies to (1) all CDLE employees, contractors, consultants, temporary, and other workers including all personnel affiliated with third parties accessing the CDLE network (VPN); and (2) implementation of secure networks that are directed through a security channel, or an IPSec Concentrator.

What is the VPN?

1. VPN stands for Virtual Private Network. It is the software that allows you to safely log into the CDLE private network from a remote location.
2. Because a PC can only be connected to one network at a time, you will have to log out of any programs you may have been using before using VPN to log into the CDLE private network.
3. When you are finished using the CDLE private network resources, you must remember to disconnect from the VPN connection to the CDLE private network before using your normal programs like Joblink or .

Why use the VPN?

1. Security of the network and the data contained therein.
2. Certain things are only available throughout the department's private computer network, like the Intranet home page and EDSys.
3. Logging into the department's private network via the VPN can be used via Windows Remote Desktop or PC Anywhere to an individual PC that is physically located on the private network at the two main Denver office locations.
4. VPN is for people whose main PC is at one of those buildings, who sometimes work at other locations, and need to access their files via laptop or another remote PC.
5. You must have special permission and software for this kind of access, so if this is something you need to do, please contact your manager.
III. Policy

1. Only approved CDLE employees and authorized third parties (customers, vendors, etc.) may utilize the benefits of VPNs, which are a user managed service.
   a. Some special cases are temporarily granted for users not otherwise authorized.
   b. User managed service means that the user may be responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and possibly paying associated fees.
2. The Request For Services (RFS) system will be used to request VPN access.
3. IMO's InfoSec will be responsible for ensuring the correct authorized usage of VPN for CDLE employees.
4. If, for any reason, the VPN connection generates malicious traffic or InfoSec believes that unauthorized access has been granted, the user's VPN connection can be cancelled.
   a. If cancelled, the HELP Desk should be contacted for details on the cancellation.
   b. The user assumes responsibility for ensuring that there is no malicious traffic on their machine.
5. All non-CDLE users will be responsible for setting up any anti-virus and anti-spyware and Microsoft patch programs on their PCs to ensure that the VPN Client computer is properly protected. Malicious traffic could still be generated if the VPN Client PC is connected to another network at the same time.
6. All non-CDLE users will be responsible for ensuring that they are not echoing other traffic into CDLE's networks. Contact the CDLE HELP Desk for questions on echoing.
7. The process of allowing other machines to be connected to the VPN Client PC while connecting into VPN is called Dual or Split tunneling.
   a. Dual (split) tunneling is ONLY permitted with IMO approval and coordination.
   b. Contact the CDLE HELP Desk for questions on Dual or Split tunneling.
8. When any user creates a password for their VPN account, they need to ensure that it is not a word found in the dictionary and also a word that they do not store locally on their machine or on a piece of paper that others can read.
   a. They should use a strong password.
   b. A strong password is usually one that has both alpha and numeric characters, is at least six (6) characters long and cannot be easily guessed.
9. VPN users will be automatically disconnected from CDLE's network after 45 minutes of inactivity.
   a. The user must then log-on again to reconnect to the CDLE private network.
   b. 45 minutes may seem like a long time but UI Tax and Boiler/Oil Inspection users may have longer periods of inactivity on their laptops while at field locations and need the extra time.
10. Pings or other artificial network processes are not to be used to keep the connection open.
   a. The VPN connector will be limited to an absolute connection time of ten (10) consecutive hours.
   b. There are typically 8 hours in a normal business day, but there are CDLE employees that work more than a normal 8 hour workday.
   c. For this reason, it was felt reasonable to accommodate users that work more than 8 hours.
11. Only IMO approved or supplied VPN clients may be used. While using VPN technology with personal equipment to connect to the CDLE networks, non-CDLE users must understand that their machines are a de facto extension of CDLE's private network, and as such, are subject to the same rules and regulations that apply to CDLE-owned equipment.
12. Any employee found to have violated this policy might be subject to corrective and/or disciplinary action, up to and including termination of employment.

IV. Applicable Guidelines

Published State of Colorado, Federal government and private sector documentation regarding remote computer security.
V. Procedures

1. If the remote computer is a CDLE computer, please follow any information distributed from the Help Desk on ensuring that the patches and Trend Micro definitions are current.
2. If the remote computer is a non-CDLE computer, the user needs to make sure that their anti-virus software is current and that they have the current Microsoft patches installed.
3. Microsoft patches can be installed by going to the Internet Explorer and using the Tools->Windows Update menu options. The user needs to consult their antivirus software company for procedures on ensuring that their anti-virus signatures are current.
4. A user that needs VPN access must complete a RFS (Request For Service) and obtain supervisory approval for access into VPN.
5. The InfoSec group from IES will provide the CDLE user the required software and installation instructions as well as userid and initial password when they complete the RFS.
6. If an issue is encountered with the VPN instructions, the Help Desk can be contacted during their business hours of 7:00 a.m. to 5:00 p.m. at (303)
7. How to Access the VPN.
   a. Close out of any programs you are currently using. Your screen should show the Windows desktop.
   b. In the lower left hand corner of the screen, click the START button. The START menu should open.
   c. Click on the ALL PROGRAMS menu option. A list of programs should pop up to the side.
   d. In the list of programs, click on CISCO SYSTEMS VPN CLIENT. A list of programs associated with the VPN should appear.
   e. Choose VPN DIALER from the list.
   f. The VPN dialog box should open.
   g. In the CONNECTION ENTRY list box, enter or select the text CDLE VPN.
   h. In the HOST NAME OR IP ADDRESS OF REMOTE SERVER list box, the text should already be entered.
   i. Click the CONNECT button. There should be a pause while the connection is established. The USER AUTHENTICATION dialog box should then appear.
   j. In the USERNAME dialog box, enter your CDLE network USER ID (your Qxxxxx number). The ID should then appear in the list box.
   k. In the PASSWORD list box, enter the VPN password supplied to you by the CDLE Help Desk. Asterisks should then appear in the list box.
   l. Note: You should have been supplied your username and password by the CDLE Help Desk. IDs and Passwords are case sensitive, so if you have your CAPS LOCK key on, the system may not recognize them.
   m. Click OK. There should be a pause while you are logged into the CDLE network. You should then receive a dialog box telling you that login is complete.
   n. Click CONTINUE. The dialog box should close and you now have access to the CDLE network and features like the CDLE Intranet Home Page and EDSys.
   o. Note: Network security for those logging into the CDLE network outside of the two main buildings is very sensitive. This is to prevent any unauthorized access. If you enter the incorrect log in information five times, you will be locked out of the VPN and will have to be reset by the CDLE Help Desk, (303) , before you may attempt to access it again.
   p. Once you have gained access to the CDLE network, open INTERNET EXPLORER. The internet should open and display your default home page.
   q. In the ADDRESS list box toward the top of the screen, type and hit the ENTER key. The CDLE Intranet home page should then display on your screen.
   r. Note: Some features on the CDLE Intranet, like the IMO RFS (Request for Service) and Facilities RFBS (Request for Building Service) require an internal ID and password. You should know when trying to access these features because you should get an additional login box. If these features are needed, contact the CDLE Help Desk to request an ID and password.
8. How to Access the CDLE Intranet.
   a. You must contact your manager to have an internal account created for you by IMO. Once you have been assigned this ID you can access the Intranet features that require this.
   b. Click on the feature you want to access. A LOGIN dialog box should appear.
   c. In the user name list box, enter CDLEINT\xxxxx where the Qxxxxx represents your Q number. The text should appear in the box.
   d. In the password list box, enter the password IMO issued to you for your internal account. Asterisks should appear in the list box.
   e. Press the ENTER key. You are logged into the feature application.
   f. Note: You must log in using this same internal user ID and password when using PC Anywhere or Windows Remote Desktop to access your PC in your Denver office.
   g. When you have completed your business, you may log out of the CDLE Intranet.
9. How to Access EDSys.
   a. Once you are in the CDLE Intranet, click on the EMPLOYEE DATA SYSTEM link toward the right side of the screen. The login dialog box for EDSys should appear.
   b. In the USER ID list box, type your Q number. The text should be entered in the box.
   c. In the PASSWORD list box, type your EDSys password. Asterisks should appear in the list box.
   d. Note: If you do not have an EDSys password, please contact the HELP Desk who will initiate the password for you. You can then change it to one of your choosing. Instructional material for using EDSys is available on the CDLE Intranet home page. Click on one of the links under EDSys to access the material.
   e. When you have completed your business, you may log out of EDSys.
10. How to Log off the VPN.
   a. Double-click on the VPN PADLOCK ICON in the lower right corner of the screen. The VPN Status Box should open.
   b. Click on the DISCONNECT button. The dialog box should close and the connection should be terminated.